﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class ajax_updateuser : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["id_user"] != null && Session["permission"] != null
            && (((int)Session["permission"]) >= 2 && ((int)Session["permission"]) <= 3))
        {
            #region  get userId and check current user and user with userId have both register
            int userId = 0;
            try
            {
                userId = Int32.Parse(Request["id"]);
                if (userId <= 0)
                    throw new Exception();
            }
            catch
            {
                userId = 0;
            }

            if (userId == 0)
            {
                Response.Write("FAIL");
                return;
            }

            // get parentId of userId
            int parentId = -1;
            string sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(userId.ToString(), "number");
            DataTable dtTable = dal.SelectTable(sql);
            if (dtTable.Rows.Count != 1)
            {
                Response.Write("FAIL");
                return;
            }
            parentId = Int32.Parse(dtTable.Rows[0]["parentId"].ToString());
            if (parentId == -1)
            {
                Response.Write("FAIL");
                return;
            }
            // check parentId of userId and current user
            if (parentId != 0 && ((int)Session["permission"]) == 2) // userId is not userId of register and current user is register
            {
                if (parentId != Int32.Parse(Session["id_user"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }
            if (parentId != 0 && ((int)Session["permission"]) == 3) //  userId is not userId of register and current user is manager
            {
                int managerId = Int32.Parse(Session["id_user"].ToString());
                sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(managerId.ToString(), "number");
                dtTable = dal.SelectTable(sql);
                if (dtTable.Rows.Count != 1)
                {
                    Response.Write("FAIL");
                    return;
                }
                if (parentId != Int32.Parse(dtTable.Rows[0]["parentId"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }

            if (parentId == 0 && ((int)Session["permission"]) == 2) // userId is userId of register and current user is register
            {
                if (userId != Int32.Parse(Session["id_user"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }

            if (parentId == 0 && ((int)Session["permission"]) == 3) //  userId is userId of register and current user is manager
            {
                int managerId = Int32.Parse(Session["id_user"].ToString());
                sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(managerId.ToString(), "number");
                dtTable = dal.SelectTable(sql);
                if (dtTable.Rows.Count != 1)
                {
                    Response.Write("FAIL");
                    return;
                }
                if (userId != Int32.Parse(dtTable.Rows[0]["parentId"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }
           
            #endregion

            #region Check and standard input
            string fullname = comm.to_sql(comm.StandardString(Request["fullname"]), "string");
            // check username
            string username = comm.RemoveSpace(Request["username"]);
            if (username.Length == 0)
            {
                Response.Write("FAIL");
                return;
            }
            username = comm.to_sql(username, "string");
            sql = "SELECT id FROM [user] WHERE userName=" + username;
            dtTable = dal.SelectTable(sql);
            if (dtTable.Rows.Count > 1)
            {
                Response.Write("DUPLICATE");
                return;
            }
            else if (dtTable.Rows.Count == 1)
            {
                if (userId != Int32.Parse(dtTable.Rows[0]["id"].ToString()))
                {
                    Response.Write("DUPLICATE");
                    return;
                }
            }

            // check email
            string email = comm.RemoveSpace(Request["email"]);
            if (email.Length == 0 || !comm.isValidEmail(email))
            {
                Response.Write("FAIL");
                return;
            }
            email = comm.to_sql(email, "string");
            sql = "SELECT id FROM [user] WHERE email=" + email;
            dtTable = dal.SelectTable(sql);
            if (dtTable.Rows.Count > 1)
            {
                Response.Write("EMAIL");
                return;
            }
            else if (dtTable.Rows.Count == 1)
            {
                if (userId != Int32.Parse(dtTable.Rows[0]["id"].ToString()))
                {
                    Response.Write("EMAIL");
                    return;
                }
            }

            // check password
            string password = Request["password"];

            string phone = comm.to_sql(comm.RemoveSpace(Request["phone"]), "string");
            string permission = "5";
            try
            {
                int permis = Int32.Parse(Request["permission"]);
                if (permis >= 3)
                    permission = permis.ToString();
                else
                    throw new Exception();
            }
            catch
            {
                permission = "5";
            }
            string mailwhenwork = (Request["mailwhenwork"] == "true") ? "1" : "0";
            string mailwhencomment = (Request["mailwhencomment"] == "true") ? "1" : "0";

            #endregion

            #region Update user
            if (parentId == 0)  // user with userId is register => don't change permission
            {
                if (password.Length != 0)
                {
                    password = comm.to_sql(password, "string");
                    sql = " UPDATE [user] " +
                          " SET userName=" + username + ",password=" + password + ",email=" + email + ",phone=" + phone + ",fullname=" + fullname +
                          ",mailwhenwork=" + mailwhenwork + ",mailwhencomment=" + mailwhencomment +
                          " WHERE id=" + comm.to_sql(userId.ToString(), "number");
                }
                else
                {
                    sql = " UPDATE [user] " +
                          " SET userName=" + username + ",email=" + email + ",phone=" + phone + ",fullname=" + fullname +
                          ",mailwhenwork=" + mailwhenwork + ",mailwhencomment=" + mailwhencomment +
                          " WHERE id=" + comm.to_sql(userId.ToString(), "number");
                }
            }
            else
            {
                if (password.Length != 0)
                {
                    password = comm.to_sql(password, "string");
                    sql = " UPDATE [user] " +
                          " SET userName=" + username + ",password=" + password + ",permission=" + permission + ",email=" + email + ",phone=" + phone + ",fullname=" + fullname +
                          ",mailwhenwork=" + mailwhenwork + ",mailwhencomment=" + mailwhencomment +
                          " WHERE id=" + comm.to_sql(userId.ToString(), "number");
                }
                else
                {
                    sql = " UPDATE [user] " +
                          " SET userName=" + username + ",permission=" + permission + ",email=" + email + ",phone=" + phone + ",fullname=" + fullname +
                          ",mailwhenwork=" + mailwhenwork + ",mailwhencomment=" + mailwhencomment +
                          " WHERE id=" + comm.to_sql(userId.ToString(), "number");
                }
            }
            if (dal.Execute(sql) == 1)
            {
                Response.Write("OK");
                return;
            }
            else
            {
                Response.Write("FAIL");
                return;
            }
            #endregion
        }
    }
}
